So this maybe a little long but here is the general jist of the article - SEP can install SEE - using a specialized group and the Host Integrity Policy - you can Install or Upgrade the Client using the steps below.
SEE ver 11 has no embedded way to native deploy or upgrade its own agents -
Keep in Mind - you need to know your network and your clients to use HIC to install or upgrade the clients -
1 - NEVER - NEVER - NEVER - try to install over another encryption product - if its a MAC OS - using the native encryption client - leave it alone - SEE ver 11 will eventually be able to manage those keys also - same with BitLocker - Do NOT do double work just for the sake of having everything on one platform - That goes for Symantec Whole Disk Encryption also - the road map is to merge PGP WDE and SEE at some point just let the WDE clients chill and phase them out as they go -
2 - NEVER - NEVER - NEVER - try to update an entire Windows Service Pack on an encrypted client - Bad Idea - do not do this -
-------------- Symantec Endpoint Encryption - Pre-Work -
1) You must be on 12.1 RU5 on the Management Server -
2) You must create a specialized group - call it SEE HIC INSTALL - with a Subgroup - SEE HIC Upgrade
2a) Open the Management Console - click on My Company - or Default Group - right click - chose Add group - name group
3) Go to the new group you just created - Uncheck inherit policies from XXXXXX -
4) Go to Policies -- Add Policy - add the Default HIC Policy - KEEP IN MIND there are no Computers in this Group currently
5) Right Click the HIC policy you just added and create a NON-SHARED from COPY
6) Rename this POLICY to something apporpriate - SEE TEST HIC INSTALL
7) CLick Requirements in the middle screen click ADD - Windows - Use Existing Template - Symantec Encryption Full Disk - click OK
8) on the requirements tab - Open the new entry when we are done it will look like this - remove the current information as the existing template is for SEE version 8.2 - not SEE ver 11.
Image may be NSFW.
Clik here to view.
9) IF not Line is the only change besides the Downloaded program file name that changes between these two policies
Image may be NSFW.
Clik here to view.
<- INSTALL
You could also look for the running Service for your current Encryption Product -
10) To use the Download File option - You need a Network accessible share that all users can access - and know the target Directory you want it downloaded to - %WINDIR%\Temp
11) Once Downloaded - RUN THE PROGRAM - set it too run in SYSTEM CONTEXT - not User -
12 - WAIT - this sets a time frame for the system to wait before moving to the next step - any time frame you are comfortable with - keep in mind the files this downloads to install on the System are an average of 20mb for MGMT and DE or 25 mb with MGMT / DE and Auto Logon.
13) Fail line - self explanatory -
--------------- UPGRADE ---- same steps as starting at 9 and continueing on to 13 -
9) - IF not Line is the only change besides the Downloaded program file name that changes between these two policies
Product Build Numbers by Version -
11.0 MP1 - 7726 / 11.0 MP2 - 8350 / 11.0 MP3 - 8723
Image may be NSFW.
Clik here to view.
<- Change the String Value to the Product Build Number above the corresponds with your currently installed client
--------------------- DO NOT USE THIS ON A CLIENT on IN PROGRESS CLIENTS - i.e ENCRYPTING / DECRYPTING